API Overview - Calseta

The Calseta REST API provides programmatic access to alerts, enrichment, workflows, detection rules, context documents, and platform metrics.

Base URL

http://localhost:8000/v1/

All endpoints are versioned under /v1/. Replace localhost:8000 with your deployment URL in production.

Authentication

Request Format

Content-Type: application/json for all request bodies (except file uploads)
Timestamps: ISO 8601 with timezone (e.g., 2025-01-15T10:30:00Z)
IDs: UUIDs in all paths and responses

Response Format

Single Resource

{
  "data": {
    "uuid": "abc123-...",
    "title": "Example Alert",
    "severity": "High"
  },
  "meta": {}
}

List (Paginated)

Errors

Endpoint Groups

Group	Base Path	Description
Alerts	`/v1/alerts`	Alert CRUD, ingestion, indicators, findings, context, activity
Detection Rules	`/v1/detection-rules`	Detection rule library
Context Documents	`/v1/context-documents`	Organizational knowledge
Workflows	`/v1/workflows`	Automation functions
Workflow Approvals	`/v1/workflow-approvals`	Human-in-the-loop approval
Enrichment	`/v1/enrichments`	On-demand enrichment
Enrichment Providers	`/v1/enrichment-providers`	Provider configuration
Field Extractions	`/v1/enrichment-field-extractions`	Enrichment field extraction mappings
Agents	`/v1/agents`	Agent webhook registration
Source Integrations	`/v1/source-integrations`	Alert source configuration
Metrics	`/v1/metrics`	Platform metrics
API Keys	`/v1/api-keys`	Key management

Ingestion

Alert ingestion uses a separate path: POST /v1/ingest/{source_name}. This endpoint returns 202 Accepted within 200ms — all enrichment and dispatch happen asynchronously via the task queue.

API Reference

​Base URL

​Authentication

​Request Format

​Response Format

​Single Resource

​List (Paginated)

​Errors

​Endpoint Groups

​Ingestion